Throughout the weekend an interesting story has been developing regarding Network Solutions & Wordpress. As early as April 5th a series of exploits began occurring within Network Solutions shared web hosting account targetting Wordpress installations. Though we'll spare you most of the details regarding the exploit itself, they appear to largely stem from insecure permissions on Network Solution's own shared web hosting accounts and misconfigurations by clients themselves.
It seems that somewhere along the way Network Solutions began pointing fingers towards Wordpress in an attempt to pass the blame, causing Matt Mullenwag, founding developer of Wordpress to make a public statement on the Wordpress blog regarding file permissions and their importance.The current arrangement that Network Solutions utilizes for serving their client's websites seems to be based on a non-suexec arrangement where files are all owned by a particular user, allowing anyone to (essentially) read almost anyone elses files if the permissions are misconfigured.
Most web hosting providers choose to go a more secure route and implement what's known as 'SuPHP', or 'PHP Suexec'. The latter solution results in each user owning his or her own files and results in increased filesystem permissions & security. The former solution that Network Solutions has been widely regarded as easily exploitable for years -- and something that almost all web hosting providers steer clear of.
For some more information on the most recent Wordpress exploits and network solutions you can view some of the original posts from a few security related blogs below. Don't hesitate to comment in the new forum if you have any additional information our readers might enjoy hearing.
Network Solutions and security flaw
Sun, 2 May 2010, 12:24
Do not host with Network Solutions?....... :)